summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--etc/disable-common.inc1
-rw-r--r--etc/nyx.profile58
-rw-r--r--src/firecfg/firecfg.config2
3 files changed, 61 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 6a599893e..89c029a61 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -302,6 +302,7 @@ blacklist ${HOME}/.msmtprc
302blacklist ${HOME}/.mutt 302blacklist ${HOME}/.mutt
303blacklist ${HOME}/.muttrc 303blacklist ${HOME}/.muttrc
304blacklist ${HOME}/.netrc 304blacklist ${HOME}/.netrc
305blacklist ${HOME}/.nyx
305blacklist ${HOME}/.pki 306blacklist ${HOME}/.pki
306blacklist ${HOME}/.smbcredentials 307blacklist ${HOME}/.smbcredentials
307blacklist ${HOME}/.ssh 308blacklist ${HOME}/.ssh
diff --git a/etc/nyx.profile b/etc/nyx.profile
new file mode 100644
index 000000000..aa3275a00
--- /dev/null
+++ b/etc/nyx.profile
@@ -0,0 +1,58 @@
1# Firejail profile for nyx
2# This file is overwritten after every install/update
3# Persistent local customizations
4include nyx.local
5# Persistent global definitions
6include globals.local
7
8noblacklist ${PATH}/python3*
9noblacklist /usr/include/python3*
10noblacklist /usr/lib/python3*
11noblacklist /usr/local/lib/python3*
12noblacklist /usr/share/python3*
13
14noblacklist ${HOME}/.nyx
15
16mkdir ${HOME}/.nyx
17
18whitelist ${HOME}/.nyx
19
20include disable-common.inc
21include disable-devel.inc
22include disable-interpreters.inc
23include disable-passwdmgr.inc
24include disable-programs.inc
25include disable-xdg.inc
26
27# apparmor
28caps.drop all
29# ipc-namespace
30netfilter
31no3d
32nodbus
33nodvd
34nogroups
35nonewprivs
36noroot
37nosound
38notv
39nou2f
40novideo
41protocol unix,inet,inet6
42seccomp
43shell none
44# tracelog
45
46disable-mnt
47private-bin nyx,python
48private-cache
49private-dev
50private-etc passwd,tor
51# private-lib
52private-opt none
53private-srv none
54private-tmp
55
56# memory-deny-write-execute
57noexec ${HOME}
58noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 21dcd8f20..551133328 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -200,6 +200,7 @@ google-chrome-beta
200google-chrome-stable 200google-chrome-stable
201google-chrome-unstable 201google-chrome-unstable
202google-earth 202google-earth
203google-earth-pro
203google-play-music-desktop-player 204google-play-music-desktop-player
204gpa 205gpa
205gpicview 206gpicview
@@ -317,6 +318,7 @@ neverball
317nheko 318nheko
318nitroshare 319nitroshare
319nylas 320nylas
321nyx
320obs 322obs
321ocenaudio 323ocenaudio
322odt2txt 324odt2txt